-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:098
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 Paras Sethia discovered that libcurl would sometimes mix up multiple
 HTTP and HTTPS connections with NTLM authentication to the same server,
 sending requests for one user over the connection authenticated as
 a different user (CVE-2014-0015).
 
 libcurl can in some circumstances re-use the wrong connection when
 asked to do transfers using other protocols than HTTP and FTP, causing
 a transfer that was initiated by an application to wrongfully re-use
 an existing connection to